# ---
# apiVersion: v1
# kind: Namespace
# metadata:
#   name: console
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: console-serviceaccount
  # namespace: console
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: console
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: console-serviceaccount
  # namespace: console
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: console-deployment
  # namespace: console
  labels:
    app: console
spec:
  replicas: 1
  selector:
    matchLabels:
      app: console
  template:
    metadata:
      labels:
        app: console
    spec:
      serviceAccountName: console-serviceaccount
      containers:
        - name: console-app
          image: quay.io/openshift/origin-console:4.12
          resources:
            limits:
              cpu: 300m
              memory: 256Mi
            requests:
              cpu: 300m
              memory: 256Mi
          securityContext:
            seccompProfile:
              type: RuntimeDefault
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE          
          env:
            - name: BRIDGE_USER_AUTH
              value: disabled # no authentication required
            - name: BRIDGE_K8S_MODE
              value: in-cluster
            - name: BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT
              value: https://kubernetes.default #master api
            - name: BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS
              value: "true" # no tls enabled
---
kind: Service
apiVersion: v1
metadata:
  name: console-service
  # namespace: console
spec:
  selector:
    app: console
  ports:
    - name: http
      port: 80
      targetPort: 9000
      protocol: TCP
  type: LoadBalancer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: console-ingress
  # namespace: console  
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: console.my
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: console-service
            port:
              number: 9000